Cryptocurrency exchange heist thwarted as thieves lose their own coins in failed robbery

'All funds are safe', Binance reassures customers after moderators block attempted raid on trading platform by 'well organised' cyber-criminals

Joe Sommerlad
Friday 09 March 2018 10:18 GMT
Comments
What is Bitcoin and why is its price so high?

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

One of the world's biggest cryptocurrency trading platforms was targeted by thieves this week - but the would-be raiders got away with nothing and actually lost money themselves in the attempt.

"All funds are safe", Binance CEO Changpeng Zhao said on Twitter, moving to reassure customers unnerved by feverish speculation.

Rumours of a raid on the China-based exchange had spread on Reddit on Wednesday morning when panicked traders reported seeing their balances drained and their holdings sold at market rates after being converted to viacoin, a type of altcoin with low liquidity 25 times faster to transact with than bitcoin.

Binance said its cyber-security team had intervened in time after spotting the suspicious trading activity and moved to reassure Reddit with a statement saying all withdrawals had been temporarily suspended and that an investigation was underway, stressing there was "no evidence" the exchange had been compromised.

The company later revealed that the attempted heist was "large-scale" and carried out by "well organised" cyber-criminals, according to The Financial Times.

Those responsible, as yet unidentified, had launched a phishing scheme in January to dupe traders into handing over their login credentials to phoney sites with similar domain names.

Having access to users' passwords enabled the hackers to create API keys - essentially passcodes that permit the holder to build software that could interact with the Binance exchange.

They then bided their time before using the API keys to bulk order viacoin on Wednesday morning, sending its value rocketing 143 per cent in 30 minutes from $2.80 (£2.03) to $6.79 (£4.91).

Viacoin's suspicious spike in value on Wednesday
Viacoin's suspicious spike in value on Wednesday (CoinMarketCap)

Once viacoin's price spiked, they sold their holdings in exchange for bitcoin using 31 preloaded accounts before quickly submitting withdrawal requests to Binance.

But the irregular nature of this activity tipped off Binance's "automatic risk management system" and the site's moderators stepped in to block the transactions.

"None of the withdrawals successfully went out. Additionally, the viacoins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld," Binance said.

The thwarted robbery happened on the same day that almost all of CoinMarketCap's top 50 cryptocurrencies saw a decline in value in response to the US Securities and Exchange Commission stating that the world's $405bn (£292bn) digicoin market would ultimately require registration and regulation to safeguard investors.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in